package dk.gov.oio.saml.servlet;

import dk.gov.oio.saml.audit.AuditService;
import dk.gov.oio.saml.service.AssertionService;
import dk.gov.oio.saml.service.OIOSAML3Service;
import dk.gov.oio.saml.service.validation.AssertionValidationService;
import dk.gov.oio.saml.session.AssertionWrapper;
import dk.gov.oio.saml.session.AuthnRequestWrapper;
import dk.gov.oio.saml.session.SessionHandler;
import dk.gov.oio.saml.util.AuditRequestUtil;
import dk.gov.oio.saml.util.ExternalException;
import dk.gov.oio.saml.util.InternalException;
import dk.gov.oio.saml.util.SamlHelper;
import dk.gov.oio.saml.util.StringUtil;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.joda.time.DateTime;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.assertion.AssertionValidationException;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.Status;
import org.opensaml.saml.saml2.core.StatusCode;
import org.opensaml.saml.saml2.core.StatusMessage;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dk/gov/oio/saml/servlet/AssertionHandler.class */
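/**
 * Assertion consumer endpoint: receives the SAML {@code Response} posted back to the service
 * provider, hands it to {@link AssertionValidationService} together with the AuthnRequest stored
 * on the HTTP session, stores the resulting assertion on that session and redirects the browser.
 *
 * <p>Each request produces audit records BSA6 (ValidateAssertion) and, on success, BSA7
 * (CreateSession) and BSA8 (SendRedirect).
 */
public class AssertionHandler extends SAMLHandler {
    private static final Logger log = LoggerFactory.getLogger(AssertionHandler.class);

    /**
     * Rejects GET requests; only {@link #handlePost} is implemented for this endpoint.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // dk.gov.oio.saml.servlet.SAMLHandler
    public void handleGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        throw new UnsupportedOperationException("GET not allowed");
    }

    /**
     * Processes a posted SAML Response.
     *
     * <p>The BSA6 audit record is written exactly once, from a {@code finally} block, whether
     * validation succeeds or fails. Session creation and the redirect run after that block, so a
     * failure in either of them no longer re-emits the validation record a second time.
     *
     * @param httpServletRequest  request carrying the encoded SAML message
     * @param httpServletResponse response used for the final redirect
     * @throws ExternalException if the message is not a {@code Response}, the assertion fails
     *         validation, or it does not carry exactly one AttributeStatement
     * @throws InternalException if no AuthnRequest is stored on the session
     * @throws IOException if the redirect cannot be sent
     */
    @Override // dk.gov.oio.saml.servlet.SAMLHandler
    public void handlePost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ExternalException, InternalException, IOException {
        HttpSession session = httpServletRequest.getSession();
        MessageContext<SAMLObject> messageContext = decodePost(httpServletRequest);

        // Check the runtime type before narrowing; anything other than a Response is rejected.
        SAMLObject message = messageContext.getMessage();
        if (!(message instanceof Response)) {
            throw new ExternalException("Saml message was not a response");
        }
        Response response = (Response) message;

        // NOTE(review): the whole Response is written at DEBUG and may contain the assertion's
        // attributes - confirm DEBUG is not enabled for this logger in production.
        try {
            log.debug("Response: {}", StringUtil.elementToString(SamlHelper.marshallObject(response)));
        } catch (MarshallingException e) {
            // Best effort: a failure to render the message for logging must not stop processing.
            log.warn("Could not marshall Response for logging purposes", e);
        }

        String statusText = describeStatus(response.getStatus());
        DateTime issueInstant = response.getIssueInstant();
        String issueInstantText = issueInstant != null ? issueInstant.toString() : "";
        String issuer = response.getIssuer() != null ? response.getIssuer().getValue() : null;

        // NOTE(review): validate() has not run yet, so every value logged here is unauthenticated,
        // sender-controlled text - confirm the log layout neutralises line breaks in arguments.
        log.info("Incoming Response - ID:'{}' InResponseTo:'{}' Issuer:'{}' Status:'{}' IssueInstant:'{}' Destination:'{}'",
                response.getID(), response.getInResponseTo(), issuer, statusText, issueInstantText, response.getDestination());

        // The AuthnRequest kept on the session is what the incoming Response is validated against.
        SessionHandler sessionHandler = OIOSAML3Service.getSessionHandlerFactory().getHandler();
        AuthnRequestWrapper authnRequest = sessionHandler.getAuthnRequest(session);
        if (authnRequest == null) {
            throw new InternalException("No AuthnRequest found on session");
        }

        // NOTE(review): getAssertion's result for a Response without an assertion is not visible
        // here; assertion.getID() below assumes it is non-null - confirm.
        Assertion assertion = new AssertionService().getAssertion(response);

        AuditService.Builder validationAudit = AuditRequestUtil.createBasicAuditBuilder(httpServletRequest, "BSA6", "ValidateAssertion")
                .withAuthnAttribute("AUTHN_REQUEST_ID", authnRequest.getId())
                .withAuthnAttribute("RESPONSE_ID", response.getID())
                .withAuthnAttribute("ASSERTION_ID", assertion.getID())
                .withAuthnAttribute("IN_RESPONSE_TO", response.getInResponseTo())
                .withAuthnAttribute("RESPONSE_STATUS", statusText)
                .withAuthnAttribute("ISSUER", issuer)
                .withAuthnAttribute("ISSUE_INSTANT", issueInstantText)
                .withAuthnAttribute("DESTINATION", response.getDestination());

        try {
            new AssertionValidationService().validate(httpServletRequest, messageContext, response, assertion, authnRequest);
            if (assertion.getAttributeStatements() == null || assertion.getAttributeStatements().size() != 1) {
                throw new ExternalException("Assertion AttributeStatements were null or had more than one");
            }
            AssertionWrapper validated = new AssertionWrapper(assertion);
            log.debug("Assertion: {}", validated);
            validationAudit
                    .withAuthnAttribute("RESULT", "VALID")
                    .withAuthnAttribute("SESSION_INDEX", validated.getSessionIndex())
                    .withAuthnAttribute("SIGNATURE_REFERENCE", assertion.getSignatureReferenceID())
                    .withAuthnAttribute("SIGNATURE_ENTITY", validated.getSigningCredentialEntityId())
                    .withAuthnAttribute("ASSURANCE_LEVEL", validated.getAssuranceLevel())
                    .withAuthnAttribute("NSIS_LEVEL", validated.getNsisLevel().getName())
                    .withAuthnAttribute("SUBJECT_NAME_ID", validated.getSubjectNameId());
        } catch (AssertionValidationException e) {
            // The wrapper logged here describes an assertion that FAILED validation.
            log.info("Failed validating assertion: {}", new AssertionWrapper(assertion).toString());
            validationAudit.withAuthnAttribute("RESULT", e.getMessage());
            throw new ExternalException((Exception) e);
        } finally {
            // One BSA6 record per request, on success and on every failure path.
            OIOSAML3Service.getAuditService().auditLog(validationAudit);
        }

        // NOTE(review): the assertion is stored on the session that already carried the
        // AuthnRequest and no session-id rotation is visible in this method - confirm the
        // SessionHandler or the container rotates it at login (session fixation).
        sessionHandler.storeAssertion(session, new AssertionWrapper(assertion));
        OIOSAML3Service.getAuditService().auditLog(AuditRequestUtil.createBasicAuditBuilder(httpServletRequest, "BSA7", "CreateSession")
                .withAuthnAttribute("SP_SESSION_ID", sessionHandler.getSessionId(session))
                .withAuthnAttribute("SP_SESSION_TIMEOUT", String.valueOf(session.getMaxInactiveInterval())));

        // Return to the path recorded with the AuthnRequest, or to the configured login page.
        // NOTE(review): confirm the recorded path was restricted to this application when it was
        // stored; this method redirects to it without further checks (open redirect).
        String redirectUrl = StringUtil.defaultIfEmpty(authnRequest.getRequestPath(),
                StringUtil.getUrl(httpServletRequest, OIOSAML3Service.getConfig().getLoginPage()));
        OIOSAML3Service.getAuditService().auditLog(AuditRequestUtil.createBasicAuditBuilder(httpServletRequest, "BSA8", "SendRedirect")
                .withAuthnAttribute("URL_REDIRECT", redirectUrl));
        httpServletResponse.sendRedirect(redirectUrl);
    }

    /**
     * Renders a Response status as "code message" for logging and auditing.
     *
     * @param status status element of the Response, may be {@code null}
     * @return the status code value followed by a space and the status message when present;
     *         an empty string when {@code status} is {@code null}
     */
    private static String describeStatus(Status status) {
        StringBuilder text = new StringBuilder();
        if (status == null) {
            return text.toString();
        }
        StatusCode statusCode = status.getStatusCode();
        if (statusCode != null) {
            text.append(statusCode.getValue());
        }
        StatusMessage statusMessage = status.getStatusMessage();
        if (statusMessage != null) {
            text.append(' ').append(statusMessage.getMessage());
        }
        return text.toString();
    }
}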
